Security audit

Agensi MCP — AI Agent Skill Marketplace

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed connector to Agensi's remote skill marketplace, with the main caveat that searches go to Agensi's service.

Install this only if you are comfortable connecting your agent to Agensi's MCP service. Avoid sending sensitive prompts, private repository details, or confidential search terms through the marketplace tools, and review any returned skill listings or install instructions before acting on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
This markdown file instructs users to connect their agent to `https://mcp.agensi.io/mcp` and then use remote tools, but it does not disclose any privacy or data-sharing implications of sending prompts or search terms to a third-party service. For a skill that affects network/privacy behavior, the description should explicitly warn users that their requests are transmitted externally.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.